Hello

We have been working for some days, trying to set up SAML2 authentication for our installation of SDP. We are using version 11.1.

As we understand it, we should use the transient NameID format. But as the transient format (according to the SAML2 standard) is only valid for a single login session (i.e. it will be different each time the user authenticates again, but will stay the same as long as the user is authenticated), we cannot change the NameID value in our IdP if we set the format to transient.

If we set the format to persistent, we can change the value. We have tried to set it to:

samaccountname
domain\samaccountname
emailaddress

In all of these examples, SDP creates a new user upon logon, not matching it to the existing one.

The existing user is imported from Active Directory and has the "samaccountname" as username in SDP. After login with SAML2, using samaccountname as the NameID value, SDP creates a new user. I end up with two users in SDP with the SAME username.

Some guidance would be greatly appreciated.
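The account-linking problem described in this post (a transient NameID cannot be tied to an existing account, and a persistent NameID that is not normalised ends up provisioning a duplicate user) can be illustrated with a small service-provider-side check. The code below is an added example written for this thread; it is not SDP's code and says nothing about how SDP actually performs its matching. It assumes a constructed, unsigned assertion fragment and a constructed user table keyed by lower-cased sAMAccountName, and it shows the three NameID values tried above (plain account name, DOMAIN\account, e-mail address) being resolved to the same existing user instead of a new one, while a transient NameID is refused for linking.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
FMT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
FMT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: a minimal, unsigned assertion fragment as an IdP might
# issue it. Real assertions are signed and carry many more elements; signature
# and audience validation are out of scope for this matching example.
ASSERTION_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="{fmt}">{value}</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Constructed stand-in for users imported from Active Directory.
# Keyed by lower-cased sAMAccountName; each record also carries the mail attribute.
EXISTING_USERS = {
    "jdoe": {"username": "jdoe", "email": "jdoe@example.com"},
}


def build_assertion(fmt, value):
    """Render the constructed assertion template with the given NameID."""
    return ASSERTION_TEMPLATE.format(fmt=fmt, value=value)


def extract_name_id(assertion_xml):
    """Return (value, format) of the assertion's Subject/NameID."""
    root = ET.fromstring(assertion_xml)
    node = root.find("saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion carries no usable NameID")
    # The SAML2 spec makes Format optional; an absent Format means 'unspecified'.
    return node.text.strip(), node.get("Format", FMT_UNSPECIFIED)


def normalize_to_samaccountname(value):
    """Reduce 'DOMAIN\\account' or 'account' to a lower-cased account name."""
    v = value.strip()
    if "\\" in v:
        v = v.rsplit("\\", 1)[1]  # drop the NetBIOS domain prefix
    return v.lower()


def resolve_user(assertion_xml, users=EXISTING_USERS):
    """Link the assertion subject to an existing user.

    Returns one of:
      ("reject", None)      transient NameID: per-session value, never link or provision on it
      ("matched", username) existing user found, no new account should be created
      ("no_match", value)   nothing matched; caller decides whether provisioning is allowed
    """
    value, fmt = extract_name_id(assertion_xml)
    if fmt == FMT_TRANSIENT:
        # A transient identifier changes on every authentication, so matching it
        # against stored usernames would create a fresh account each login.
        return ("reject", None)
    if "@" in value and "\\" not in value:
        # E-mail style NameID: match on the directory mail attribute, case-insensitively.
        by_email = {u["email"].lower(): u for u in users.values()}
        user = by_email.get(value.strip().lower())
    else:
        user = users.get(normalize_to_samaccountname(value))
    if user is None:
        return ("no_match", value)
    return ("matched", user["username"])


if __name__ == "__main__":
    for fmt, value in [
        (FMT_TRANSIENT, "_7f3a2c91"),
        (FMT_PERSISTENT, "jdoe"),
        (FMT_PERSISTENT, "CORP\\JDoe"),
        (FMT_PERSISTENT, "JDoe@example.com"),
        (FMT_PERSISTENT, "nobody"),
    ]:
        print(fmt.rsplit(":", 1)[1], value, "->", resolve_user(build_assertion(fmt, value)))
```

The point of the normalisation step is that whichever of the three value shapes the IdP sends, the lookup key on the service-provider side is the same attribute the directory import used as the username; if the lookup is instead done on the raw NameID string, "jdoe", "CORP\JDoe" and "jdoe@example.com" are three distinct strings and just-in-time provisioning will create a second account next to the imported one.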